mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
49 lines
1.3 KiB
Plaintext
49 lines
1.3 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
//* assembly/builds
|
|
//* builds/creating-build-inputs.adoc
|
|
|
|
[id="adding-source-clone-secrets-{context}"]
|
|
= Adding Source Clone Secrets
|
|
|
|
Builder Pods require access to any Git repositories defined as source for a
|
|
build. Source clone secrets are used to provide the builder Pod with access it
|
|
would not normally have access to, such as private repositories or repositories
|
|
with self-signed or untrusted SSL certificates.
|
|
|
|
.Prerequisites
|
|
|
|
* The following source clone secret configurations are supported.
|
|
** .gitconfig File
|
|
** Basic Authentication
|
|
** SSH Key Authentication
|
|
** Trusted Certificate Authorities
|
|
|
|
[NOTE]
|
|
====
|
|
You can also use combinations of these configurations
|
|
to meet your specific needs.
|
|
====
|
|
|
|
.Procedure
|
|
|
|
Builds are run with the *builder* service account, which must have access to any
|
|
source clone secrets used.
|
|
|
|
* Run the following command to grant access:
|
|
|
|
----
|
|
$ oc secrets link builder mysecret
|
|
----
|
|
|
|
[NOTE]
|
|
====
|
|
Limiting secrets to only the service accounts that reference them is disabled by
|
|
default. This means that if `serviceAccountConfig.limitSecretReferences` is set
|
|
to `false` (the default setting) in the master configuration file, linking
|
|
secrets to a service is not required.
|
|
====
|
|
|
|
//.Additional resources
|
|
//* Source Secrets Combinations
|